What will we do at HITB Amsterdam?

Sogeti ESEC R&D will be very active at the HITB Amsterdam conference
(June 29 - July 2, 2010), and will be giving a training, a lab session
and a talk. If you want to meet us there, we can propose some reduction
coupons. Please get in touch with us for more information. Note also
that it will be the first joint event with the security team in the
Netherlands, Sogeti PaSS.

If you want to attend the conference or training, get in touch with
us...

Training: reverse engineering with Metasm

The training sessions will give the opportunity to learn to harness the
Metasm framework. Yoann Guillot, its main developer, and Alexandre
Gazet, both members of Sogeti ESEC R&D, will be there to help students
when they start the analysis of obfuscated binaries. This domain was
already covered during a few conferences, like the latest HITB Malaysia,
during which Metasm was used to defeat heavily protected binary
programs. In the training session, the students will work on smaller
sized binaries, involving both static and dynamic analyses. On this
occasion, they will learn to quickly and efficiently leverage the
framework by writing custom scripts to assist them in their day to day
code analysis duties.

Metasm Lab: reverse engineering for beginners

For those who will not be able to attend the training, a lab session is
also scheduled during the conference. Yoann and Alexandre will give a
shorter introduction to Metasm hacking. It will cover the most
fundamental tools in the framework, like the debug API, the disassembler
and the compiler. In the end, attendees will be able to dive into Metasm
and start reversing strongly protected binaries.

Talk: subverting the Windows 7 x64 kernel with DMA attacks

Damien Aumaitre and Christophe Devine, also from Sogeti ESEC R&D, will
present a new cutting-edge attack targeting the latest operating system
from Microsoft, Windows 7, effectively disabling all protection features
(driver signing, integrity checking...). First, we will give details on
the internal structures of the new Windows 7 kernel. Then we will
present a home FPGA-based PCMCIA card used to gain control of the host,
bypassing all protections, just by plugging it in the host.